These maturing business models require constant innovation on behalf of the cybercriminals providing the easy to use and manage DIY DDoS bots, the foundation of these business models. What are some of the latest developments in this field? Are the malware coders behind these releases actually innovating, or are they basically re-branding old malware bots and reintroducing them on the market? Let’s find out.

In this post, I’ll profile a recently released DIY DDoS bot, which according to its author is a modification of the Dirt Jumper DDoS bot.

More details:

Sample screenshot of the command and control interface of the Russian DIY DDoS Bot:

The bot supports SYN flooding, HTTP flooding, POST flooding and the special Anti-DDoS protection type of flooding. It has also built-in anti-antivirus features allowing it avoid detection by popular host-based firewalls, next to a feature allowing it do detect and remove competing malware bots from the system, preserving its current state for the users of the bot. Moreover, according to its author, it will not work under a virtual machine preventing potential analysis of the malicious binaries conducted by a malware researcher.

Another interesting feature is the randomization of the HTTP requests using multiple user-agents in an attempt to trick anti-DDoS protection on the affected hosts. Apparently, the coder behind this malware bot, claims to have the source code of the Dirt Jumper DDoS kit, which we cannot verify for the time being given the fact that the source code for this bot isn’t currently circulating in the wild, and that there are zero advertisements within the cybercrime ecosystem offering to sell access to it.